BitLocker can't be enabled by Sophos after had been activated manually

Hi Mitch,

Thank you for reaching us, Is it managed via Sophos central device encryption or via Sophos safeguard? Can you perform the below steps and let us know the status,

• Disable BitLocker with the following command: manage-bde -protectors -disable c:
• Reboot the computer
• Enable BitLocker again with the following command: manage-bde -protectors -enable c:
  
  

Ensure to run this command via elevated command prompt access. 

Glenn -

We're using Sophos Central device encryption. That was very helpful, but I had to tweak the method. After doing steps 1-3, I got the same message:

BitLocker could not be enabled.
The BitLocker encryption key cannot be obtained. Verify that the Trusted Platform Module (TPM) is enabled and ownership has been taken. If this computer does not have a TPM, verify that the USB drive is inserted and available.
C: was not encrypted.

I tried several combinations of disabling and re-enabling BitLocker. I also re-installed Sophos. In the end, what worked was simply disabling BitLocker and rebooting. I think the reason the error is coming up is because BitLocker *IS* enabled and Sophos can't enable it -- possibly a bug in software to check for that status. I don't know at what stage Sophos gets the key from BitLocker, perhaps it is at enablement.

So for anyone else dealing with this, I'd try using the DISABLE command "manage-bde -protectors -disable c:", reboot, and give Sophos Central time to attempt the encryption.

Again, thanks for your help!

Thank you Mitch for your confirmation and for sharing the steps you've applied to fix and solve the issue that you're getting.